Founder of Xen and KVM hypervisors turns his sights to security during year highlighting critical vulnerabilities in software delivery
HOUSTON (BUSINESS WIRE) - Codenotary, the immutability specialist that can instantly identify untrusted components in software, today announced that it has raised $12.5 million in series B funding from new and existing investors Bluwat, Elaia and others.
The financing follows a series A round in July 2020 of $5.5 million with the same investors, bringing the total funding to $18 million, which will be used to accelerate product development and expand marketing and sales worldwide beyond the current 100-plus customers that include some of the world’s largest banks.
Codenotary's co-founders are Moshe Bar, CEO, and Dennis Zimmer, CTO, who started the company in late 2018. Bar was previously a co-founder of Qumranet, the company that developed the now ubiquitous Linux KVM hypervisor, which was sold for $127 million to Red Hat in 2008. Prior to that, he founded hypervisor company XenSource, which was sold for $500 million to Citrix in 2007.
“Codenotary offers a solution which allows organizations to quickly identify and track all components in their DevOps cycle and therefore restore trust and integrity in all their myriad applications. Combined with Codenotary’s leading immutable database, immudb, the company has achieved a leader position in this new market,” said Pascal Blum, senior partner at Bluwat AG in Switzerland, an early investor in Codenotary.
Codenotary provides tools for notarization and verification of the software development lifecycle attesting to the provenance and safety of the code. The company provides an indelible solution for processing millions of transactions per second, on-premise or in the cloud, and with cryptographic verification. It gives developers a way to attach a Software Bill of Materials (SBOM) for development artifacts that include source code, builds, repositories, and more, plus Docker container images for their software.
“The SolarWinds supply chain hack – and the more recent Log4j vulnerabilities – have brought front-and-center the dangers of software lifecycle attacks and was the precursor to President Biden’s Executive Order on Improving the Nation’s Cybersecurity, which includes providing a purchaser an SBOM for each application,” said Moshe Bar, co-founder and CEO, Codenotary. “Now, within just the last 2 or 3 months, everyone wants and needs to provide a Software Bill of Materials to prove the legitimate provenance of their software – and more importantly – the ability to instantly identify untrusted components such as Log4j in their deployments.”
Recently, Codenotary introduced the Community Attestation Service (CAS), the first free, open source notarization and verification service, enabling software projects and businesses to easily create an SBOM attesting to the contents of software. “CAS is already being used to attest to over 1 million artifacts a day by Home Assistant, the world’s largest home automation platform and 10th largest project on GitHub supporting over 1,800 devices with close to 10,000 contributors and over 50K GitHub stars,” said Pascal Vizeli, co-founder of the Home Assistant project.
Codenotary is the primary contributor to immudb, the first and only open source enterprise-class database with data immutability at scale for demanding applications — up to billions of transactions per day. Codenotary uses immudb to underpin its notarization and verification product. There have been more than 12 million downloads of immudb so far.
Codenotary brings easy-to-use trust and integrity into the software lifecycle by providing end-to-end cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies. Codenotary can be set up in minutes and can be fully integrated with modern CI/CD platforms. It is the only immutable and client-verifiable solution available that is capable of processing millions of transactions a second. With the Codenotary tamper-proof bill of materials, users can instantly identify untrusted components in their software builds. For more information, go to https://www.codenotary.com.
Joe Eckert for Codenotary